Synology

All CVEs

319 total · sorted by risk
  • CVE-2024-53280 · Dec 9, 2024
    risk 0.00 · cvss · epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…

  • CVE-2024-11398 · Dec 4, 2024
    risk 0.00 · cvss · epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.

  • CVE-2024-29213 · Oct 18, 2024
    risk 0.00 · cvss · epss 0.00

    Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.

  • CVE-2024-29821 · Oct 18, 2024
    risk 0.00 · cvss · epss 0.00

    Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.

  • CVE-2023-52949 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.00

    Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

  • CVE-2023-52948 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.00

    Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

  • CVE-2023-52947 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.00

    Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be…

  • CVE-2023-52950 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.00

    Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.

  • CVE-2022-49041 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.00

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.

  • CVE-2022-49040 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.00

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.

  • CVE-2022-49039 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors.

  • CVE-2022-49038 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.00

    Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors.

  • CVE-2022-49037 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.01

    Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2023-52946 · Sep 26, 2024
    risk 0.00 · cvss · epss 0.01

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors.

  • CVE-2024-39350 · Jun 28, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may…

  • CVE-2024-39348 · Jun 28, 2024
    risk 0.00 · cvss · epss 0.00

    Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

  • CVE-2024-39347 · Jun 28, 2024
    risk 0.00 · cvss · epss 0.01

    Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

  • CVE-2024-39352 · Jun 28, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware…

  • CVE-2024-39349 · Jun 28, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models…

  • CVE-2023-47802 · Jun 28, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified…

  • CVE-2024-26223 · Apr 9, 2024
    risk 0.00 · cvss · epss 0.02

    Windows DNS Server Remote Code Execution Vulnerability

  • CVE-2024-0854 · Jan 24, 2024
    risk 0.00 · cvss · epss 0.00

    URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified…

  • CVE-2024-0354 · Jan 9, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated…

  • CVE-2023-5748 · Oct 24, 2023
    risk 0.00 · cvss · epss 0.00

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.

  • CVE-2023-5746 · Oct 24, 2023
    risk 0.00 · cvss · epss 0.02

    A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected:…

  • CVE-2023-41741 · Aug 31, 2023
    risk 0.00 · cvss · epss 0.01

    Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2023-41740 · Aug 31, 2023
    risk 0.00 · cvss · epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.

  • CVE-2023-41739 · Aug 31, 2023
    risk 0.00 · cvss · epss 0.01

    Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

  • CVE-2023-41738 · Aug 31, 2023
    risk 0.00 · cvss · epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

  • CVE-2022-46783 · Aug 28, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book.

  • CVE-2023-28129 · Aug 10, 2023
    risk 0.00 · cvss · epss 0.00

    DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user.

  • CVE-2022-46782 · Aug 5, 2023
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.

  • CVE-2023-2729 · Jun 13, 2023
    risk 0.00 · cvss · epss 0.01

    Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

  • CVE-2023-0142 · Jun 13, 2023
    risk 0.00 · cvss · epss 0.01

    Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via…

  • CVE-2023-32956 · May 16, 2023
    risk 0.00 · cvss · epss 0.02

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2023-32955 · May 16, 2023
    risk 0.00 · cvss · epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via…

  • CVE-2023-0077 · Jan 5, 2023
    risk 0.00 · cvss · epss 0.01

    Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

  • CVE-2022-43932 · Jan 5, 2023
    risk 0.00 · cvss · epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2022-43931 · Jan 3, 2023
    risk 0.00 · cvss · epss 0.17

    Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2022-43748 · Oct 26, 2022
    risk 0.00 · cvss · epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.

  • CVE-2022-43749 · Oct 26, 2022
    risk 0.00 · cvss · epss 0.01

    Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.

  • CVE-2022-27622 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.

  • CVE-2022-27623 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.01

    Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.

  • CVE-2022-3576 · Oct 20, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM)…

  • CVE-2022-27624 · Oct 20, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following…

  • CVE-2022-27625 · Oct 20, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following…

  • CVE-2022-27626 · Oct 20, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified…

  • CVE-2022-27621 · Aug 3, 2022
    risk 0.00 · cvss · epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors.

  • CVE-2022-27620 · Aug 3, 2022
    risk 0.00 · cvss · epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.

  • CVE-2022-27619 · Aug 3, 2022
    risk 0.00 · cvss · epss 0.00

    Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
